Bulkhead pattern: isolating failures in multi-tenant systems

we recently had an incident where a single tenant performing a massive data import effectively starved resources for all other tenants in a multi-tenant service. it highlighted the need for better isolation, and the bulkhead pattern came up. i'm considering a few options: separate database connection pools per tenant, implementing strict tenant-level rate limiting, or even running separate compute instances for our largest tenants. each approach has trade-offs between isolation strength and operational complexity/cost. for a service with a wide distribution of tenant sizes (from small businesses to large enterprises), what are the most effective ways to implement bulkheads to prevent one noisy neighbor from impacting everyone else? what's the sweet spot for isolation without over-engineering?